Skip to content
  • There are no suggestions because the search field is empty.

Data-Privacy Compliance

Data-Privacy Compliance Article Featured Image

If you read the first installment of this series, you know that modern privacy regulations now cover the personal data of 65% of the global population, up from just 10% in 2010. Additional U.S. privacy laws are expected to pass in 2023, bringing that number to an estimated 75% by the end of 2024. Consumer awareness of privacy regulations is growing, as are the expectations for compliance by businesses with whom they share their data.

That first data-privacy blog discussed establishing a foundation of privacy in three key areas:

  • Understanding the data you collect and how you use it

  • Knowing your current legal obligations for protecting personal data

  • Being transparent with consumers about how their data will be used and honoring their right to privacy

These are foundational steps toward achieving and maintaining compliance with privacy regulations.

This follow-up post discusses how to build on that foundation to develop and implement a data-privacy strategy that meets legal obligations, satisfies customers’ desire for protection and transparency, and positions you to successfully adapt to expanding laws and requirements.

Share a data-privacy policy in everyday language

Many businesses today share robust privacy policies on their websites. However, they’re often long and filled with intimidating legalese that makes it difficult for consumers to understand quickly and clearly what they’re agreeing to. That approach may leave a residual sense of suspicion—earned or not—as if all that legal language might be intentionally obscuring policies that favor corporate interests over individual privacy.

Consider instead how you can provide an easy-to-read and clear statement of your privacy policy and data practices. The process doesn’t need to be overly complicated or overwhelming. Consider it an opportunity to highlight how much your company values its customers—to demonstrate to customers that they’re making the right choice by doing business with you.

Remember that privacy policies are contracts that are considered legally binding. In fact, your privacy policy should state that it is a legal document and that consumers are agreeing to its terms by sharing their data.

A few principles to keep in mind when crafting a policy for data privacy—and all your consumer-facing communications:

  • Be honest

A privacy statement is a great chance to say what you do and do what you say. It’s an opportunity to be transparent about how your brand is attempting to create a better experience.

  • Keep it simple

Privacy policies shouldn’t be hard to understand. Create a privacy policy in plain, conversational language that reflects your brand voice. You will earn credibility by being straightforward and thorough.

  • Stay genuine

Ensure your company’s internal policies align with the posted privacy policy. Then scrupulously follow through on the described commitments. Policies that place users’ privacy first and foremost will contribute to a loyal consumer base that genuinely trusts the brand.

That last one is vital. Enforcement action for failing to comply with data-privacy laws can be a true detriment to consumer trust. While the average consumer may not be closely following the details of government-imposed privacy regulations, they notice when companies, e.g., Sephora or Google, are fined for poor privacy practices.

Develop a zero-party data strategy

Increased government legislation, the phasing-out of cookies, and greater reliance on browser privacy features impact the ability of brands to offer customized content. But zero-party data, i.e., information a consumer proactively and intentionally decides to share, can be a powerful alternative.

A recent global research survey conducted by The Lacek Group shows consumers are willing to share data with brands in exchange for a personalized experience that’s relevant to their wants and needs. They also want to be in control of what data is shared to obtain a personalized experience. Evolving consumer preferences, combined with active regulatory enforcement and the potential for crippling financial penalties for noncompliance, mean a plan for the use of zero-party data is imperative.

Zero-party data helps you gain insights into your customers’ preferences, intent, and pain points. The information can inform the content your brand creates to educate and entertain your customers. By understanding your customers and where they spend their money, your brand can focus its messaging to provide a customer-centric user experience.

The real value in zero-party data comes from your customers’ intent to give it to you. While first-, second-, and third-party data can be collected, a key difference is that it’s not all freely given by the customer to your brand. That matters when data privacy concerns are at an all-time high.

Understand the value of zero-party data

Find ways to make sharing personal data simple and worthwhile for your brand’s customers. Using a consent-based process supports consumer rights and helps businesses stay compliant. A key advantage of using zero-party data is its accuracy. Additionally, since it’s freely given, there are no concerns regarding whether the data was legally acquired.

Gathering zero-party data eliminates the “creepy factor” consumers can sometimes experience when they’re marketed to by a brand using personal info they didn’t freely share. That doesn’t support a trusting relationship. A zero-party data strategy ensures customers aren’t surprised when the personal information they provide informs a tailored customer experience. It also eliminates guesswork for brands trying to personalize the customer journey.

It’s important to note, a zero-party data strategy is critical because organizations must have a legal basis for collecting and using personal data. It is against the law to collect data that you have no defined purpose for. Having a data strategy and being transparent about what information you collect, why you collect it, and how you use it is critical for gaining and maintaining the trust of consumers—and for meeting regulatory requirements.

Collect zero-party data

Organizations can choose many ways to engage with customers to collect and use zero-party data to improve the customer experience. It’s equally important to use the process to build consumer trust while staying compliant with the growing data privacy regulations.

Here are some examples your brand might consider:

  • Quizzes: Consider the traditional brick-and-mortar experience. While browsing, customers are often engaged by a salesperson asking what they’re looking for. Quizzes offer an online version of this interaction. They’re a great way to collect zero-party data and provide a reciprocal value to the customer in the form of product recommendations.

  • Conversational pop-ups: The digital equivalent of a store associate checking in as you browse, pop-ups can be used to gather one or two data points for every customer. For example, in response to a simple question (such as “What are you looking for today?”), an initial pop-up box might invite the customer to click to choose among a brand’s top categories. That might be followed by an invitation to share an email address to receive a discount for products in that category. These quick interfaces are a great tool for improving personalization and increasing sales without adding friction to the customer experience.

  • Post-purchase surveys: Finding out what your customers liked about your brand and products can help you drive future sales. An emailed survey with an incentive for completing it could provide insights into what customers like or don’t like about your brand and its messaging.

  • Social media polls: A poll can be a quick way to ask customers for their direct opinions and get immediate product feedback.

Monitor compliance and brand trust

With data-privacy strategies in place, an important next step for organizations is to monitor the effectiveness of compliance initiatives and consumer trust. For example, consider using these questions to regularly assess your treatment of data:

  • Is the data you collect still relevant for the purposes you intended?

  • Are you tracking your consumer data inquiries and responses to consumer inquiries?

  • Are you deleting data you no longer need?

  • Have all your employees completed your security and privacy training?

  • How many privacy impact assessments have you completed?

  • Are you maintaining data inventories that track the data you collect, store, process, and share?

Additionally, understanding what consumers are saying about your brand will offer insights into how well your processes are performing. Analyzing customer reviews, reviewing customer feedback and Net Promoter Scores, and tracking social media chatter may provide insights into brand trust. Businesses may find that their privacy policies aren’t as clear and concise as intended and adjustments may be needed.

Get ahead of data privacy, the new frontier

Given the pace of data-privacy developments, within the next few years, most countries and U.S. states will have privacy laws in force and dedicated teams enforcing them. It’s not a matter of if but rather when the new data restrictions and consumer expectations will impact your business. Staying ahead of the changes by creating a strong privacy foundation through the organization is key.

Assessing and adjusting data privacy will likely be an ever-evolving element of your business. Stay informed on regulatory developments. Reputable resources are available, including subscriptions to trade magazines and legal journals in your business category; international legal updates; analysis and insights from sources such as Lexology, government-sponsored resources such as the National Conference of State Legislatures, or regulatory tracking organizations such as the International Association of Privacy Professionals, a community of global privacy information experts.

Data privacy is a priority, whether or not companies are ready. Consult a qualified professional if you lack appropriate in-house knowledge or understanding of the data-privacy requirements relevant to your business. Understanding recent developments and pending litigations that may affect your business practices is a smart way to stay ahead of the curve.

Wanda Kauffman is director, technology solutions for The Lacek Group, a Minneapolis-based data-driven loyalty, experience, and customer engagement agency that has been delivering personalization at scale for its world-class clients for more than 30 years. The Lacek Group is an Ogilvy company.